216.73.217.98

T1639.001: Exfiltration Over Unencrypted Non-C2 Protocol

View on MITRE ATT&CK The MITRE Corporation · Published 06/04/2022 15:22 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID
T1639.001
Confidence
100/100
Revoked
No
Published
06/04/2022 15:22
Modified
27/03/2026 01:41
Author / Source
The MITRE Corporation

Platforms

android iOS

Description

Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. Adversaries may opt to obfuscate this data, without the use of encryption, within network protocols that are natively unencrypted (such as HTTP, FTP, or DNS). Adversaries may employ custom or publicly available encoding/compression algorithms (such as base64) or embed data within protocol headers and fields.

Kill chain phases

Kill chainPhase
mitre-mobile-attack exfiltration

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references